diff --git a/prometheus-alertmanager/templates/statefulset.yaml b/prometheus-alertmanager/templates/statefulset.yaml
index 4f5a6d129a..629d049b31 100644
--- a/prometheus-alertmanager/templates/statefulset.yaml
+++ b/prometheus-alertmanager/templates/statefulset.yaml
@@ -44,6 +44,7 @@ spec:
       annotations:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "alertmanager" "containerNames" (list "alertmanager") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
     spec:
       securityContext:
         readOnlyRootFilesystem: true
diff --git a/prometheus-alertmanager/values.yaml b/prometheus-alertmanager/values.yaml
index f3472ad03a..8528f712fa 100644
--- a/prometheus-alertmanager/values.yaml
+++ b/prometheus-alertmanager/values.yaml
@@ -38,6 +38,10 @@ labels:
     node_selector_value: enabled
 
 pod:
+  mandatory_access_control:
+    type: apparmor
+    alertmanager:
+      alertmanager: localhost/docker-default
   user:
     alertmanager:
       uid: 65534